HIPAA HITECH Compliance News

BA Security is Worse Than You Think

I changed the headline of this blog to reflect my personal observations in talking with hundreds of business associates (BAs). BA security is bad because most BAs don't know the requirements, let alone how to meet them. CE security is bad because a lot of CEs are blasé about HIPAA or rely on outdated views of the requirements.

BA Security Is Probably a Lot Worse Than You Think
Tally of Health Data Breaches Apparently Undercounts Incidents Involving BAs
Marianne Kolbasuk McGee (HealthInfoSec) • May 13, 2016 


Automated Risk Assessment: Best Value

Combining sophisticated Internet tools with experienced consultants can deliver a HIPAA risk assessment based on the NIST protocol quickly and at a reasonable cost.  

"Automated HIPAA Risk Assessment"
Thu, Jun 9, 2016 12:00 PM - 1:00 PM PDT
1. Click the link to join the webinar at the specified time and date:


No BA Agreement: $750,000 Fine

An orthopedic clinic failed to get a BA agreement before sharing PHI with a business associate and got a $750,000 fine. Jocelyn Samuels, director of OCR, said in the statement: "It is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected."



Ransomware is a HIPAA Breach

A recent article in Health IT Security made the point that criminal control of PHI is a HIPAA breach and that this is what occurs in a ransomware attack. Here is the full article:



HIPAA Audit Questionnaire

If you were lucky enough to not receive one, here is the questionnaire that is going out to all potential audit winners.  http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/questionnaire/index.html 

